package com.webserver.controller;

import com.webserver.annotations.Controller;
import com.webserver.annotations.RequestMapping;
import com.webserver.entity.User;
import com.webserver.http.HttpServletRequest;
import com.webserver.http.HttpServletResponse;
import com.webserver.util.DBUtil;

import java.io.*;
import java.net.URISyntaxException;
import java.sql.*;

@Controller
public class UserController {
    private static File userDir;//用来表示存放所有用户信息的目录
    static {
        userDir = new File("./users");
        if(!userDir.exists()){
            userDir.mkdirs();
        }
    }

    @RequestMapping("/regUser")
    public void reg(HttpServletRequest request, HttpServletResponse response){
        System.out.println("开始处理注册!!!!");
        //获取表单信息
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String nickname = request.getParameter("nickname");
        String ageStr = request.getParameter("age");
        //必要验证
        if(username==null||username.isEmpty()||
            password==null||password.isEmpty()||
            nickname==null||nickname.isEmpty()||
            ageStr==null||ageStr.isEmpty()||!ageStr.matches("[0-9]+")
        ){
            //信息输入有误提示页面
            response.sendRedirect("/reg_info_error.html");
            return;
        }

        System.out.println(username+","+password+","+nickname+","+ageStr);

        int age = Integer.parseInt(ageStr);
        //2 将用户信息插入到数据库的userinfo表中
        try (
                Connection connection = DBUtil.getConnection();
        ){
            Statement statement = connection.createStatement();
            //验证该用户是否存在，若存在则直接响应have_user.html,否则才执行插入操作
            String sql = "SELECT 1 FROM userinfo WHERE username='"+username+"'";
            ResultSet rs = statement.executeQuery(sql);
            if(rs.next()){//判断结果集是否有一条记录
                response.sendRedirect("/have_user.html");
                return;
            }


            /*
                INSERT INTO userinfo (username,password,nickname,age)
                VALUES('xx','xx','xx',2)
             */
            sql = "INSERT INTO userinfo (username,password,nickname,age) " +
                         "VALUES('"+username+"','"+password+"','"+nickname+"',"+age+")";
            System.out.println(sql);
            int num = statement.executeUpdate(sql);
            if(num>0) {
                //利用响应对象要求浏览器访问注册成功页面
                response.sendRedirect("/reg_success.html");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }

    }

    @RequestMapping("/loginUser")
    public void login(HttpServletRequest request, HttpServletResponse response){
        System.out.println("开始处理登录!!!");
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        System.out.println(username+","+password);
        //必要的验证工作
        if(username==null||username.trim().isEmpty()||
                password==null||password.trim().isEmpty()){
            response.sendRedirect("login_info_error.html");
            return;
        }

        try(
            Connection connection = DBUtil.getConnection();
        ){
            // 1' OR '1'='1
            String sql = "SELECT id,username,password,nickname,age " +
                         "FROM userinfo " +
                         "WHERE username=? " +
                         "AND password=?";
            PreparedStatement ps = connection.prepareStatement(sql);
            ps.setString(1,username);
            ps.setString(2,password);
            ResultSet rs = ps.executeQuery();
            if(rs.next()){
                response.sendRedirect("/login_success.html");
            }else{
                //登录失败
                response.sendRedirect("/login_fail.html");
            }

        } catch (SQLException throwables) {
            throwables.printStackTrace();
        }
    }
}
